* LuKreme <>:
> On 17-Mar-2009, at 11:47, Andreas Winkelmann wrote:
>>> On 17-Mar-2009, at 03:49, LuKreme wrote:
>>
>>>> I've made sure that /var/run/saslauthd/ is owned by root:postfix (it
>>>> was root:mail) and have removed the authdaemon_path line and am
>>>> trying again. Hopefully this was it.
>>>
>>> That wasn't it, and the ownership by root:mail shouldn't matter as
>>> the
>>> postfix user is part of the mail group. I think I've read everything
>>> twice, and am stumped.
>>>
>>> Should I just start over and install dovecot (cyrus was the only
>>> option way back in the day)?
>>
>> Did you check Patrick`s hint about the stored Passwords in your SQL-
>> Server.
>> Cyrus-SASL auxprop is bound to cleartext Passwords. If you have
>> crypted
>> Passwords, you have to patch Cyrus-SASL.
>
> Ah... I must have missed that. <looks back>
>
> Oh, well, that must be it then. passwords from postfixadmin are stored
> in md5crypt.
>
> (they look like $1$a28cb10c$wzblsb81Kv.F7vnMtqlEf.)
>
> So, more on this patching of Cyrus-SASL?

Dont use the patch. It's old and it braindamages Cyrus SASL. You can use
crypted passwords with Cyrus SASL, if you set it up this way:

Postfix -> libsasl -> saslauthd (PAM) -> PAM mysql -> Mysql DB

That gives you plaintext mechanisms only on client to server communication,
but that's okay as long as you required clients to establish a TLS session
before they may authenticate. Set this to allow plaintext mechs during TLS
only: